If you ask today’s IT professionals which security threats keep them up at night, chances are they won’t mention an attack on their unified communications (UC) environment as one of their top concerns. This lack of worry is the result of a bit of understandable legacy thinking: After all, telephony platforms were traditionally walled gardens, entirely closed environments that simply did not face the breadth and depth of threats that their digital cousins routinely encountered. Likewise, no one considered UC systems a particularly tempting threat for attackers. Now that business communications have gone digital and begun to integrate with other systems, however, it’s a different story. With that in mind, here are four tips for securing your UC environment.

1. Treat UC as Seriously as You Would Your Email System

IT professionals have expended vast amounts of time and resources to protect their email systems against burgeoning threats like phishing and spam. UC should receive no less due diligence. If your UC platform implementation is on premises, then that means ensuring that you apply patches in a timely manner, for example. If your business uses mobile UC apps or laptop-based softphones, then consider the security of those end points, as well. This is a point at which your broader security policies may come into play, for the security of your UC environment is of course only as strong as the security of the device from which it is accessed.

2. Take Advantage of UC-Specific Security Tools

You may also want to consider the use of a session border controller to protect aspects of your UC implementation, such as Session Initiation Protocol (SIP) trunks and Web Real-Time Communications access. Virtual private networks and firewalls, although useful in many respects, may not provide your business with the granular level of security control necessary for your UC environment. Many of them also come with an SIP firewall as well as intrusion-detection and prevention tools that are specific to UC settings, giving you greater visibility into attacks that may be threatening your business. You can also use such tools to implement access controls and policies, making it easier to govern exactly how your UC system is accessed and used.

3. Consider UC-Specific User Awareness Training

Believe it or not, phishing is entering the telephony world. If your business hasn’t already been hit with spam calls and SMS phishing (SMiShing), get ready: You’re likely to run into either or both of those attacks before too long. So, it’s wise to incorporate such threats into the security awareness training that you already hold for your staff. Also consider, from an internal perspective, user policies that your business might need to put in place to prevent abuse of communications resources or toll fraud. Similarly, consider integrating UC into your overall security policies at a higher level by requiring that users update UC passwords or PINs regularly.

4. Do Due Diligence with Your UC Provider

If you have a cloud-based UC system, it’s tempting to think that you can just leave security issues to your provider. It’s the provider’s problem now, right? Well, not exactly. Due diligence of a different sort is required in this scenario. Your UC provider should be able to tell you about the measures it’s taking to protect your UC system and the protocols in place for managing any security breaches that arise. Whether your UC platform is cloud-based, on premises, or a hybrid, your vendor may be able to advise you on common-sense steps you can take to better secure your UC environment at the user level. Make sure you’re fully apprised of how seriously your UC vendor is taking security, and determine whether or not it sounds adequate for your business needs.

UC may seem like it’s flying under the radar, with no real vulnerabilities that could compromise your business. The reality is that it’s just as important to defend as any other technology out there. By taking some common-sense steps to proactively safeguard your UC system against the potential threats it faces, you can go a long way toward keeping your communications environment secure while knowing that your security strategy is as comprehensive as it should be.

Some name

Rose de Fremery is a New York-based writer living at the intersection of digital culture and creativity. As an analyst for
Studio B, she covers a range of business technology topics, such as unified communications, CRM, and marketing automation. She also writes about artificial intelligence, design thinking, innovation, and the virtual workforce. Visit her
website to view her portfolio.